All Products
Search
Document Center

CDN:Limits

Last Updated:Jun 13, 2024

This topic describes the requirements and limits that apply to domain names when you use Alibaba Cloud CDN. Make sure that your domain names and the related content conform with the requirements to prevent losses that may result from regulatory violations.

Item

Description

Burst bandwidth/QPS throttling rules

According to the Alibaba Cloud International Website Product Terms of Service, if you expect traffic or QPS spikes, including but not limited to on stress tests on bandwidth or QPS, promotional activities, and major releases, on Alibaba Cloud CDN-accelerated services, you need to contact your account manager or contact us to apply for burst bandwidth at least 3 business days in advance. For major events including but not limited to the Spring Festival Gala and Double 11 Global Shopping Festival, you need to apply for burst bandwidth at least 1 month in advance.

  • If the application is approved, the availability of your services is guaranteed when the burst bandwidth is within the level agreed upon by both parties.

  • If you do not apply for burst bandwidth or the application is rejected, Alibaba Cloud reserves the right to take measures such as bandwidth throttling to ensure service-level stability for other Alibaba Cloud customers. Bandwidth throttling is not necessarily triggered. Alibaba Cloud determines whether to enable bandwidth throttling based on service conditions and the level of the burst bandwidth. Alibaba Cloud is not responsible for the reduced availability caused by the measures.

  • If you do not apply for burst bandwidth or the application is rejected, the following issues may occur:

    • Burst bandwidth may trigger throttling rules of Alibaba Cloud CDN. For more information, see Burst bandwidth.

    • Burst QPS may trigger HTTP flood protection rules of Alibaba Cloud CDN. In this case, the domain name may be added to a sandbox. For more information, see Introduction to sandboxes.

Potential domain attacks or data transmission abuse

By default, Alibaba Cloud CDN does not provide access control or security protection capabilities. If your domain name is attacked or abused for data transmission, high bandwidth or traffic spikes may occur. In this case, you may receive bills that are higher than expected.

High bills that are generated by malicious attacks or data transmission abuse cannot be waived or refunded. For information about how to prevent high bills from being generated, see Configure high bill alerts.

Domain name

  • Requirements for domain name formats:

    • The domain name must be 1 to 67 characters in length.

    • The domain name can contain lowercase letters, digits, and hyphens (-). Example: example.com.

    • The domain name cannot contain Chinese characters, uppercase letters, or special characters other than hyphens (-). The domain name cannot be a hyphen (-). The domain name cannot contain consecutive hyphens (-). The domain name cannot start or end with a hyphen (-). If the domain name contains Chinese characters such as 阿里云.网址, you must perform ICP filing for the Chinese domain name. Then, use the Punycode tool to convert the domain name into English characters such as xn--fiq****.xn--eq****. Specify the converted domain name as the domain name to be accelerated.

  • Requirements for wildcard domain names:

    • Alibaba Cloud CDN supports wildcard domain names. For information about the limits on wildcard domain names, see Does Alibaba Cloud CDN support wildcard domain names?

    • The wildcard domain name that you specify and the domain names that match the wildcard domain name must belong to the same Alibaba Cloud account. Otherwise, an error message appears when you add domain names.

    • If a wildcard domain name has not been added to an Alibaba Cloud account, you are allowed to add the subdomains of the wildcard domain name to multiple Alibaba Cloud accounts.

    • If you add a wildcard domain name such as .aliyundoc.com and matching specific domain names such as example.aliyundoc.com to Alibaba Cloud CDN, only the first 500 specific domain names can be accelerated by Alibaba Cloud CDN.

      Note

      The first 500 specific domain names that match the wildcard domain name can be accelerated by Alibaba Cloud CDN.

  • Requirements for domain name ICP filing and compliance:

    • ICP filing: If you set the acceleration region of a domain name to Global or Chinese Mainland Only, you must apply for an ICP number for the domain name. We recommend that you use Alibaba Cloud ICP Filing System to apply for ICP numbers. For more information, see Prepare and check the instance and access information.

    • The content that is delivered from the domain name must be legal and compliant with the Terms of Service for Alibaba Cloud CDN. For more information about the limits, see Limits.

    • Each Alibaba Cloud account can add up to 50 domain names to Alibaba Cloud CDN.

      Note

      If the average daily peak bandwidth of your domain names exceeds 50 Mbit/s, you can request to add more domain names by following the method that is described in Quota management. Make sure that the increase in domain names does not cause business risks.

    • You cannot add domain names that have been added to other Alibaba Cloud services. If you want to transfer an Alibaba Cloud CDN-accelerated domain name to another Alibaba Cloud account, verify the ownership of the domain name first. For more information, see Transfer a domain name to another Alibaba Cloud account. If the system prompts that the domain name is added to other Alibaba Cloud services such as ApsaraVideo VOD and DCDN, submit a ticket.

    • Domain name reclaiming: If your domain name is disabled for 120 days, Alibaba Cloud CDN deletes the configuration records that are related to the domain name. This rule also applies to domain names that fail ownership verification. If you want to continue using the domain name, you must go to the Alibaba Cloud CDN console to add the domain name again.

    • Domain name disabling: For more information, see Rules for disabling accelerated domain names.

    • Sandbox: If an accelerated domain name is under attack, such as DDoS attacks or HTTP flood attacks, or faces significant increases in bandwidth or QPS due to traffic spikes that have not been reported to Alibaba Cloud, Alibaba Cloud CDN has the right to determine whether to add the attacked domain name to a sandbox based on factors such as the service status of the domain name and the impact of the attack. This ensures that the acceleration services of other users can work as expected. For more information, see Introduction to sandboxes. If the attack is severe, other accelerated domain names in the same account are also added to the sandbox, and new domain names cannot be added to the account.

Access region

If you set Region to Global (Excluding the Chinese mainland) for an accelerated domain name, Alibaba Cloud CDN blocks user requests to points of presence (POPs) that are located in the Chinese mainland.

IoT card

According to the Notice on Printing and Distributing the Trial Implementation Guidelines for the Classification and Security Management of IoT Cards (MIIT Network Security Letter [2020] No. 1173) set forth by the Ministry of Industry and Information Technology (MIIT) of the People's Republic of China, Alibaba Cloud CDN cannot to provide acceleration services for devices that use IoT cards in regions in the Chinese mainland. When devices that use IoT cards attempt to access POPs, the devices may fail to establish connections to the IP addresses of the POPs.

Origin server

  • Address length: The address of an origin server cannot exceed 67 characters in length.

  • Maximum number of origin servers: You can configure up to 20 origin servers for each accelerated domain name.

  • OSS domain name

    • If your origin server is an Object Storage Service (OSS) bucket, you can select or enter the public domain name of the OSS bucket, such as ***.oss-cn-hangzhou.aliyuncs.com. Alibaba Cloud CDN does not support internal domain names of OSS buckets.

    • You can obtain the public domain name of an OSS bucket in the OSS console. You can also select the domain name of an OSS bucket that belongs to the current Alibaba Cloud account from the Domain Name drop-down list.

    Note

    Discounts for data transfer between Alibaba Cloud CDN and OSS:

    • If you want OSS to identify network traffic that is sent from Alibaba Cloud CDN and apply for a discount on the data transfer, you need to set the origin server type to OSS Domain in the Alibaba Cloud CDN console.

    • If you set the origin server type to Site Domain in the Alibaba Cloud CDN console, OSS identifies network traffic that is sent from Alibaba Cloud CDN as outbound data transfer over the Internet. In this case, the discounts do not apply.

    For more information, see Billing of OSS content acceleration.

  • IP address: You can configure one or more origin IP addresses. Internal IP addresses are not supported. IPv4 addresses and IPv6 addresses are supported. At least one of the IP addresses must be an IPv4 address. If you use a public IP address of an Alibaba Cloud Elastic Compute Service (ECS) instance as the address of the origin server, the IP address is exempt from manual review.

  • Origin domain: Enter the domain names of one or more origin servers.

    Note
    • The origin domain name must be different from the accelerated domain name. Otherwise, a DNS resolution loop occurs, and requests cannot be redirected to the origin server.

    • The format of the origin domain name:

      • The domain name must be 1 to 67 characters in length.

      • The domain name can contain lowercase letters, digits, and hyphens (-). Example: example.com.

      • The domain name cannot contain Chinese characters, uppercase letters, or special characters other than hyphens (-). The domain name cannot be only a hyphen (-). A hyphen (-) in a domain name cannot be followed by another hyphen (-). The domain name cannot start or end with a hyphen (-). If the domain name contains Chinese characters, such as 阿里云.网址, you must apply for an ICP number for the domain name in Chinese characters and use the Punycode tool to convert the Chinese characters into English letters, such as xn--fiq****.xn--eq****. Then, you can specify the converted domain name as the domain name that you want to accelerate.

    • You can add the address of an Alibaba Cloud Application Load Balancer (ALB) instance, such as example.hangzhou.alb.aliyuncs.com, as the address of an origin server.

  • Function Compute domain: Enter a Function Compute domain name that belongs to the current Alibaba Cloud account. If you select this option, you need to configure the Region and Domain Name parameters. For more information, see Configure a custom domain name.

CNAME

CNAMEs that are assigned by Alibaba Cloud CDN, DCDN, ApsaraVideo Live, or ApsaraVideo VOD are used only for domain name resolution by Alibaba Cloud CDN. If Alibaba Cloud discovers that your CNAME is used for malicious activities, Alibaba Cloud reserves the right to close your Alibaba Cloud account and remove the domain names.

Service quota

  • Domain name

    Each Alibaba Cloud account can add up to 50 domain names to Alibaba Cloud CDN. If the average daily peak bandwidth exceeds 50 Mbit/s and your workloads are under protection, you can request a quota increase. For more information, see Quota management.

  • Cache refresh

    • URL refresh: 10,000 URLs per day for each Alibaba Cloud account.

    • Directory refresh: 100 directories per day for each Alibaba Cloud account.

    If your daily peak bandwidth exceeds 200 Mbit/s, you can request a quota increase. Alibaba Cloud determines whether to approve your application based on your business requirements. For more information, see Quota management.

  • File prefetch

    You can prefetch files only by using URLs. Each Alibaba Cloud account can submit up to 1,000 URLs per day.

    If your daily peak bandwidth exceeds 200 Mbit/s, you can request a quota increase by following instructions in Quota management. Alibaba Cloud determines whether to approve your application based on your business requirements.

Content moderation

Alibaba Cloud reviews the content served on all accelerated domain names. Domain names that cannot be accelerated by Alibaba Cloud CDN include but are not limited to:

  • Domain names of websites whose content is inaccessible or does not provide valid information

  • Domain names that point to illegal private game servers

  • Domain names of websites that provide multiplayer role-playing games and card games

  • Domain names of websites that provide downloads of pirated content, including pirated software, books, videos, and comics

  • Domain names of peer-to-peer (P2P) lending websites

  • Domain names of unofficial lottery websites

  • Domain names of websites of unlicensed hospitals and pharmaceuticals

  • Domain names of websites that contain illicit content, such as pornography, drugs, and gambling

Note
  • You are legally responsible for the content that is hosted on your accelerated domain name. Alibaba Cloud CDN regularly reviews the content served on accelerated domain names. If Alibaba Cloud CDN detects that illicit content is served on a domain name, the system immediately disables or blocks the domain name. In serious cases, Alibaba Cloud CDN may permanently block all domain names that belong to the Alibaba Cloud account.

  • For example, if you add a wildcard domain name such as *.example.com to Alibaba Cloud CDN and a specific domain name (a.example.com) that matches the wildcard domain name contains illicit content, Alibaba Cloud CDN disables the entire wildcard domain name (*.example.com).

  • If a domain name fails the review, you can check the reason for rejection on the Domain Names page in the Alibaba Cloud CDN console. Then, you can modify the content based on the rejection details and resubmit the domain name for review.

File

  • File cache

    • Responses whose Cache-Control directives do not allow caching: If the request to a file whose size is larger than 100 MB is a cache miss, Alibaba Cloud CDN closes the connection after the amount of data transmitted from the origin server reaches 100 MB.

    • Responses whose Cache-Control directives allow caching: Alibaba Cloud CDN can cache files up to 500 GB in size.

  • File upload

    You can upload files to origin servers by using Alibaba Cloud CDN. Each file can be up to 300 MB in size.

EdgeScript

By default, you can configure only one script for each domain name. If you want to configure multiple scripts, contact your account manager or contact us.

Origin fetch

  • The size of HTTP request headers that you add in the Alibaba Cloud CDN console or by calling an API operation cannot exceed 300 bytes.

  • Timeout

    By default, the timeout period for origin requests that are transmitted over Transmission Control Protocol (TCP) is 10 seconds. The timeout period for origin requests that are transmitted over HTTP is 30 seconds.

  • Response header

    If the origin server does not return the Content-Type header, Alibaba Cloud CDN automatically adds the Content-Type:application/octet-stream header.

  • Automatic conversion from HEAD to GET for origin requests

    By default, Alibaba Cloud CDN POPs convert HEAD requests to GET requests before the requests are redirected to the origin server. If you want POPs to redirect HEAD requests to the origin server, you can configure the following request header on the Custom Request Header tab in the Alibaba Cloud CDN console. For more information, see Configure HTTP request headers.

    • Custom header: Ali-Swift-Fwd-Head

    • Value: on

Important

After you add origin request headers in the Back-to-origin Request Headers dialog box, the strings are converted to camel case during origin fetch, as shown in the following examples:

  • Example 1: The request header ALI-CDN is converted into Ali-Cdn during origin fetch.

  • Example 2: The request header ALICDN is converted to Alicdn during origin fetch.

If you want to disable automatic case conversion, add the following header in the Back-to-origin Request Headers dialog box:

  • Custom header: Ali-Swift-Header-Capitalize

  • Value: off

Length of an individual URL or HTTP request header, and total length of URLs and HTTP request headers

HTTP/2:

  • If the default setting of the NGINX directive is http2_max_field_size=32KB, the length of an individual HTTP request header or an individual URL cannot exceed 32 KB. Otherwise, the HTTP 414 status code is returned.

  • If the default setting of the NGINX directive is http2_max_header_size=128KB, the total size of all HTTP request headers and URLs cannot exceed 128 KB. Otherwise, the HTTP 400 status code is returned.

HTTP/1.1: For the large_client_header_buffers directive, number is set to 4 and size is set to 64 KB. In this case, the length of an individual HTTP request header or an individual URL cannot exceed 64 KB. Otherwise, the HTTP 414 status code is returned. The total size of all HTTP request headers and URLs cannot exceed 256 KB. Otherwise, the HTTP 400 status code is returned.

Total size of origin HTTP response headers

The total size of HTTP response headers cannot exceed 30 KB in the message that is returned from the origin server to Alibaba Cloud CDN POPs. Otherwise, the HTTP 502 status code is returned.

Request method

Alibaba Cloud CDN supports the following request methods: GET, PUT, POST, HEAD, and OPTION.

Note
  • If you want your website to support DELETE and PATCH requests, use DCDN to enable dynamic content delivery.

  • PUT allows HTTP requests that contain a request body (BODY) or do not contain a request body (Content-Length=0).

  • POST supports chunked encoding and allows HTTP requests that contain a request body (BODY) or do not contain a request body (Content-Length=0).

  • For cached static resources, POPs convert HEAD requests to GET requests before the requests are redirected to the origin server by default. If you want POPs to redirect HEAD requests to the origin server, you can configure the following request header on the Custom Request Header tab in the Alibaba Cloud CDN console. For more information, see Configure HTTP request headers.

    • Custom header: Ali-Swift-Fwd-Head

    • Value: on

Feature configuration

You can add a maximum of 50 configurations, including but not limited to the following features: Custom Request Header, Custom Response Headers, Origin URL Rewrite, Parameter Rewrite, and Cache Expiration.

Gzip compression and Brotli compression

You can use the Gzip compression or Brotli compression feature to compress the files only if the size of files on the origin server ranges from 1 KB to 10 MB. Files that are smaller than 1 KB or larger than 10 MB are not compressed.

API call for each account

You can call this API up to 1,000 times per second per account. If the upper limit is reached, the following message is returned:

ErrorCode:Throttling
ErrorMessage:Request was denied due to flow control.